fy17-fy18 audit plan office of internal auditing 58% of direct time to internal audit engagements...
TRANSCRIPT
FY17-FY18 Audit Plan
Office of Internal Auditing
-Page Intentionally Blank-
TABLE OF CONTENTS
Executive Summary ................................................................................... 4
Audit Plan Details ..................................................................................... 6
Budgeted Hours ......................................................................................... 7
Risk Assessment ........................................................................................ 8
Allocation of Resources ............................................................................ 9
Audit Plan Schedule ................................................................................ 10
Goals & Performance Measurements ...................................................... 11
4 University of North Florida | Office of Internal Auditing
EXECUTIVE SUMMARY
The Office of Internal Auditing (OIA) supports
and assists the Board of Trustees and Executive
Management in the accomplishment of
University goals and objectives by providing:
Insight into operations,
Reasonable assurance regarding the
effectiveness and efficiency of activities,
and
Independent and objective evaluations.
Generally Accepted Government Auditing
Standards and The Institute of Internal Auditors’
Standards require a risk based audit plan with
review and approval from the governing
authority. This report represents the Office of
Internal Auditing’s proposal for a two year audit
plan for the fiscal years 2017 and 2018.
Developing the audit plan requires that we
assess risks and prioritize resources to manage
projects effectively. Our focus this year will be
to invest in our staff so that we can deliver
valuable audit services to stakeholders
throughout campus.
In doing such, the office is currently devoting
direct audit hours in completing its Quality
Assurance Review (QAR). Through the QAR
process, the OIA has taken opportunities to
improve its audit and consulting practices and
conformance to the Standards. In addition to the
QAR, the office has dedicated hours to review
data controls over the performance based funding
file submissions. The Board of Governors have
continued to request Internal Audit’s assistance
in validating data integrity controls. Lastly, we
will begin introducing a series of departmental
audits and compliance audits. The OIA
respectfully submits the following audit plan
proposal, to the Board of Trustees. We
appreciate your time in reviewing the proposed
plan and welcome your feedback, comments, and
requests.
University of North Florida | Office of Internal Auditing 5
Proposed FY17-FY18 Audit Plan The proposed audit plan i s displayed to the
right. The prior audit plan, approved from 2015,
included two audits which were not started,
Library and Firewalls. We respectfully request
not to carry these forward.
Direct Resource Allocation There are currently three professional audit staff
and one support staff contributing
approximately 10,610 direct hours to perform
internal audits, consulting, investigations, and
follow-up activities in a two year period. The
department has one Director with over 16 years
of audit experience and two auditors with up to
three years of audit experience.
It is important to allocate resources in a manner
that addresses University risks. The proposed
audit plan was developed utilizing information
obtained from senior management judgement,
requests, financial analysis, and risk assessment
knowledge in the industry. With over 200
departments and other critical areas on campus,
it is important to prioritize audit activities to
strategically align with UNF’s priorities. In
addition, it is important to have a balance of
departmental reviews, information technology,
and compliance audits within the plan.
Performance Measurements OIA performance measurements are designed to
measure personnel, productivity,
communications, and quality of service. These
are important metrics to determine in
preparation for completing the work plan.
*Note: Third Party Request
Proposed FY17-FY18 Audit Plan:
1 Distance Learning Fee
2 Quality Assurance Review, OIA
3 FY17 Performance Based Funding*
4 Driver and Vehicle Information Database
(DAVID)*
5 College of Education and Human Services,
Dean's Office
6 Brooks College of Health, Dean's Office
7 College of Arts and Sciences, Dean's Office
8 Jeanne Clery Act
9 Title IX
10 Personal Identifiable Information (PII)
11 Student Health Services
12 FY18 Performance Based Funding*
Direct Resource Stats Percentage Internal Audits (areas listed above) 58% Consulting Hours 20%
Investigations 9%
Follow Up 5%
Other Direct Hours 8%
Total 100%
Performance Measurements
Personnel Measurements
Number of Staff Certifications
Professional Development, Trainings
Productivity Measurements
Number of Audits completed per year
Percentage of Budget Reviewed
Communications
Quarterly Audit and Compliance
Reporting
Number of Monthly VP Meetings
Quality of Service
Client Satisfaction Score
6 University of North Florida | Office of Internal Auditing
Audit Plan Details
It is our goal to provide a balanced and diverse
audit plan that addresses core university
functions. This year, the risk assessment process
emphasis weighed heavily on management input,
requested audits, and areas that have had limited
prior reviews.
To ensure diverse coverage, we have divided the
plan into four segments:
1. Departmental Checkups:
College of Education and Human
Services, Dean’s Office
Brooks College of Health, Dean’s Office
College of Arts and Sciences, Dean’s
Office
Student Health Services
2. Compliance:
Quality Assurance Review, OIA
Jeanne Clery Act
Title IX
3. Information Technology
Personal Identifiable Information (PII)
4. Third Party Requests:
Board of Governors, Performance Based
Funding Data Integrity Audit
Driver and Vehicle Information
Database (DAVID)
The purpose for developing a process for
departmental audits (also known as department
checkups), will help develop our relationships
across campus while providing feedback to areas
on their overall conformance to various UNF
standards. The scope of a departmental audit
may include travel, payroll, expenditure and
purchasing analysis, safety, inventory,
information technology, and other items
unique to that unit. Compliance audits
were added to the audit plan, as well. We
will provide critical feedback to senior
leaders in the university’s overall
performance to comply with a set of
standards or regulations. Information
technology audits will give more insight
to the university’s information technology
infrastructure. Lastly, there will be
periodic times when an external request is
made to OIA to assist in performing an
audit. The Board of Governors will most
likely continue to request audits within
the Performance Based Funding controls.
In addition, the university has received a
request for an attestation audit of the
Driver and Vehicle Information Database
by the Florida Department of Highway
Safety and Motor Vehicles.
All final audit reports will be dispersed to
the Board of Trustees Chair, and the
Audit and Compliance Committee, in
addition to the university president and
applicable departments. Once accepted
by the UNF Board of Trustees Audit and
Compliance Committee, the report will be
submitted to the Board of Governors,
Office of Inspector General.
University of North Florida | Office of Internal Auditing 7
Budgeted Hours
The Office of Internal Auditing (OIA) has three audit professionals and one administrative support. The
department structure provides approximately 16,640 of total available hours. After allocating indirect time for
paid leave and administration, 10,610 of net direct hours are available for a two year period. The OIA allocates
64% of the available hours to direct audit services. Specific direct audit services include internal audits,
consulting, investigations, and follow-up on outstanding audit issues. Ideally, a majority of the direct time
allocation should be to internal audit engagements. Therefore, we have developed a time allocation strategy that
dedicates 58% of direct time to internal audit engagements while allowing sufficient time for follow-up,
investigations, and consulting services.
Two Year Audit Plan Detail – Direct Resources
Budgeted Hours
Direct Hours - Non-Audits:
Follow-up Reviews 520
Investigations 960
Consulting Services 2,110
Direct Hours Non-Audit Total: 3,590
Direct Hours - Planned Audits:
1 Distance Learning Fee 400
2 Quality Assurance Review 550
3 FY17 Performance Based Funding 550
4 DAVID 380
5 College of Education and Human Services, Dean's Office 500
6 Brooks College of Health, Dean's Office 500
7 College of Arts and Sciences, Dean's Office 450
8 Jeanne Clery Act 550
9 Title IX 600
10 Personal Identifiable Information (PII) 700
11 Student Health Services 400
12 FY18 Performance Based Funding 600
Direct Hours - Planned Audits: 6,180
Other Direct Support:
Risk Assessment, Work Plans 450
Audit System Development 230
Hotline Support Activities 160
Other Direct Support Activities Total: 840
Total Direct Hours 10,610
8 University of North Florida | Office of Internal Auditing
Risk Assessment
In partnering with management to create a risk conscious climate, the Office of Internal Auditing (OIA)
performs a risk based audit plan. This allows us to focus audit priorities on areas where risk exposure is
potentially the greatest. Assessing risk is an essential component of risk based audit planning. The risk
assessment serves as a means to:
Identify the population of activities performed in fulfilling and/or affecting the
university’s mission,
Measure the “riskiness” of activities, and
Develop an audit plan based on “riskiness” and resource availability.
The risk assessment process involves measuring risk factors to derive a risk score. As mentioned earlier,
we have divided the audit plan into segments, below. Our methods to provide a risk label of high,
moderate, or low includes a review of many areas and processes across the university and their financial,
compliance, stakeholder impact, public sensitivity, complexity of operations, and environmental change
and growth. Below, includes additional areas which were considered in OIA’s risk assessment but given
a lower priority due to limited available resources to review at this time. We recommend to continue
monitoring these areas for our rolling audit plan.
Departmental
Checkup
Campus-wide
Compliance
Information
Technology
Library Employee
Separation
Process
IT
Governance
International
Center
Camps Network
Security
Chemistry Athletics NCAA Data Security
Housing HIPAA Data Integrity
Biology Minors on
Campus,
User Access
Controls
Civil Engineering Chemical
Handling, Lab
Safety
Firewalls
Music Cash Handling PCI DSS
University of North Florida | Office of Internal Auditing 9
Allocation of Resources
Direct Assurance Hours
Assurance Services Time Allocation
The Office of Internal Auditing has three audit professionals within which effort must be effectively
and efficiently allocated to deliver services. Specific services include internal audits, consulting,
investigations, and follow-up on outstanding audit issues. Ideally, a majority of the direct time
allocation should be to internal audit engagements. Therefore, we have developed a time allocation
strategy that dedicates over 58% of direct time to these engagements.
10 University of North Florida | Office of Internal Auditing
Audit Plan Schedule
Two Year Audit Plan Schedule There are seven (7) audits scheduled for the 2017 fiscal year and five (5) audits scheduled in fiscal year 2018. Benchmarking statistics indicate that a
department of our size should perform between 3 to 7 audit engagements in a given fiscal year and the average audit ranges between 300 and 600
hours. Projects not completed in FY17 will carry forward to FY18. We would like to anticipate to complete, on average, two audits per quarter.
Scheduling
Hours Q1 Q2 Q3 Q4
FY Budget Jul Aug Sep Oct Nov Dec Jan Feb Mar Apr May Jun
2017 Distance Learning Fee 400
2017 Quality Assurance Review 550
2017 Performance Based Funding 550
2017 DAVID 380
2017 COEHS 500
2017 Personal Identifiable Information (PII) 700
2017 Jeanne Cleary Act 550
2018 Student Health Services 400
2018 Brooks College of Health 500
2018 Performance Based Funding 600
2018 COAS 450
2018 Title IX 600
University of North Florida | Office of Internal Auditing 11
Goals & Performance Measurements
Standards for the Professional Practice of Internal Auditing, promulgated by the Institute of Internal
Auditors, state that, “The chief audit executive must develop and maintain a quality assurance and
improvement program.” Overall, the program should be designed to enable an evaluation of the internal
audit activity’s conformance to standards and allow an assessment of the efficiency and effectiveness of
the internal audit activity.
In response to this requirement, we developed performance measurements designed as a basis for
evaluating the department’s performance. The measurements, presented below, include goals for
personnel, productivity, communication, quality and effectiveness.
Performance Measurement Summary
# Measurement Goal/Criteria
Personnel Measurements Target Range
1 Number of Staff Certifications / department 3 or more
2 Professional Development Hours/ department 120 hours or more
Productivity Measurements
3 Number of Audits completed per year 5 to 7 audits
4 Percentage of University Budget Reviewed 5% or more
5 Number of Departments Engaged 10 or more
Communications
6 Audit Status Updates with Board of Trustees 4 to 6 per year
7 Number of VP Updates Meetings / year 40 or more
Quality and Effectiveness
8 Client Satisfaction Score, % Agree with Services 75% or more
University of North Florida | Error! Reference source not found. 16
Contact the Office of Internal Auditing
WEBSITE http://www.unf.edu/internal_auditing/
MAIL 1 UNF Drive Jacksonville, Florida 32224
PHONE 904.620.2851
UNF HOTLINE Via the reporting tool on the website